Microsoft releases new security updates for its products at least once a month. In most cases, the Windows Update service does an excellent job of downloading and installing Windows updates automatically. You can also manually download and install the latest cumulative security update for your Windows version (build). For example, on computers with the wususerv
service disabled, on disconnected environments (if you are not using a WSUS server where you can manually test and approve Windows updates), on a local network with a metered connection, etc.
Checking Windows Update History
You can check the date of the recent updates installed on your computer using the following PowerShell command:
gwmi win32_quickfixengineering |sort installedon -desc
Source Description HotFixID InstalledBy InstalledOn ------ ----------- -------- ----------- ----------- PCname1 Security Update KB5011352 NT AUTHORITY\SYSTEM 2/9/2022 12:00:00 AM
This screenshot shows that the last security update was installed on this computer on February 9, 2022.
Get-WUHistory
cmdlet from PSWindowsUpdate module:Get-WUHistory|Where-Object {$_.Title -like "KB*"} |Sort-Object date -desc
Next, you need to find out the version and build number of your Windows. Use the following PowerShell command:
Get-ComputerInfo | select WindowsProductName, WindowsVersion, OsHardwareAbstractionLayer, OsArchitecture
WindowsProductName WindowsVersion OsHardwareAbstractionLayer OsArchitecture Windows 10 Pro 2009 10.0.19041.1566 64-bit
In my case, I need to download the latest security updates for Windows 10 20H2 x64.
How to Find and Download the Latest Security Update for Windows?
You can manually download the recent updates for Microsoft products from the Microsoft Update Catalog — https://www.catalog.update.microsoft.com/Home.aspx. You can find any update for all supported Windows versions (the direct import of updates via WSUS console is also supported). The main problem is that there is no convenient search function in the Update Catalog. If you don’t know the number of KB you need to install, it’s pretty hard to find and download the right MSU update package.
Let’s take a look at how to make a correct query to find updates for your Windows version in the Microsoft Update Catalog. This article was written on March 10, 2022, so the latest security updates were released two days ago on March 8 (the second Tuesday of the month). In our case, to search for March 2022 security updates for Windows 10 20H2 x64, copy the following search query and paste it into the search field in the right upper corner:
windows 10 20h2 x64 3/%/2022
Microsoft Update Catalog has returned a list of 3 updates.
How can you decide which of these updates you need to download and install? Of course, you can download and install them all, but you can save time. Since Microsoft uses cumulative updates, you just need to download and install the latest Cumulative Security Update for your OS version.
There is only one large (over 600MB) cumulative update available for my Windows 10 build:
- 2022-03 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5011487), Windows 10 version 1903 and later, Security Updates, 3/7/2022 — 655.6 MB
Click on the name of the security update KB5011487. In the next window with update info, go to the Package Details tab. This tab shows which updates this update replaces (This update replaces the following updates) and which update it replaces in turn (This update has been replaced by the following updates).
As you can see, it has no replacement: This update has been replaced by the following updates: n/a
. It means that it is the most recent cumulative security update for your version of Windows 10.
Click on the Download button, and a direct link to download the MSU update file will appear in the next window. Download the file and save it on your local drive.
Select your build of Windows 10 (in my example, it is Windows 10 20H2) from the list on the left, then look at the list called In this release. The first entry refers to a knowledge base article (KB) with the latest cumulative update for the selected Windows version. In our example, this is March 8, 2022—KB5011487 (OS Builds 19042.1586, 19043.1586, and 19044.1586. This is the update we downloaded according to the above method.
Then download the latest available Windows 10 Servicing Stack Update (SSU). This update can also be found in the Windows Update Catalog using the key phrase: servicing stack windows 10 20h2
Be sure to install the Servicing Stack Update before installing the cumulative Windows security update.
Downloading Windows Update Files Using PowerShell
To manually download MSU update files from the Microsoft Update Catalog, you can use the Save-KBFile cmdlet from the KBUpdate module (KB Viewer, Saver, Installer and Uninstaller) https://github.com/potatoqualitee/kbupdate
Install the module from the PowerShell Gallery:
Install-Module KBUpdate -Scope CurrentUser
To download specific update files, run the following PowerShell command:
Save-KBFile -Name KB5011487, 5005260 -Architecture x64 -Path C:\Distr\Updates
Manually Install Cumulative Security Updates on Windows
After you have downloaded the MSU file with the latest security update for your Windows 10 version, you can install it. To do it, double-click the MSU file and follow the prompts of the Windows Update Standalone Installer.
In some cases, you may need to reset the Windows Update service and agent settings to their default state.
After the installation of the update package is complete, restart your computer.
You can also install Windows update from the command prompt in the quiet mode using the built-in wusa.exe tool (Windows Update Standalone Installer). The following command will install the specified update in the silent mode and postpone the automatic reboot of the computer after the installation is completed:
wusa C:\updates\windows10.0-kb5011487-x64_8bc93fe5c681ddf741120602899a730c65c155d6 /quiet /norestart
start /wait DISM.exe /Online /Add-Package /PackagePath: c:\updates\KB5011487\Windows10.0-KB5011487-x64.cab /Quiet /NoRestart
Or use this CAB file to slipstream update into your Windows installation image.
Manually Update Windows Defender Signatures
If you have built-in Windows Defender Antivirus enabled on your Windows device, you can manually update its signatures. An update with the new signature set can be downloaded from the Microsoft Update Catalog, or (easier) from this page https://www.microsoft.com/en-us/wdsi/defenderupdates#manual.
Download the offline installation file for your version of Window. For example, Microsoft Defender Antivirus for Windows 10 and Windows 8.1 64-bit.
Run and install the file fpam-fe.exe
to update the antivirus definitions.
How to Manually Upgrade a Windows 10 Build (Feature Update)?
You can also manually update your Windows 10 build (Feature Update). For example, you want to manually upgrade the Windows 10 build on your computer from 20H2 (end of support May 10, 2022) to 21H2.
To do this, go to https://www.microsoft.com/en-us/software-download/windows10 and click the Update Now button.
The wizard prompts you to update to the latest version of Windows 10 (Windows 10 November 2021 Update). This update requires an Internet connection.
To perform an offline upgrade of a Windows 10 build, create an installation ISO image with a new Windows 10 build using the Media Citation Tool (which allows you to create an ISO image or bootable Windows 10 USB flash drive).
Then mount the ISO image into a Windows virtual drive and run the setup.exe
file. Follow the steps of the Windows Update Wizard. This is described in more detail in the article about upgrading a Windows 10 build from the command prompt.
3 comments
Very nice article. thanks a lot.
Your Microsoft Update Catalog script does not find any results?
I got results using this format, “windows 10 21h2 x64 2022-09”